PXE Magic: Flexible Network Booting with Menus

Set up a PXE server and then add menus to boot kickstart images, rescue disks and diagnostic tools all from the network.

It's funny how automation evolves as system administrators manage larger numbers of
servers. When you manage only a few servers, it's fine to pop in an install
CD and set options manually. As the number of servers grows, you might
realize it makes sense to set up a kickstart or FAI (Debian's Fully
Automated Installer) environment to automate all that manual
configuration at install time. Now, you boot the install CD, type in a few
boot arguments to point the machine to the kickstart server, and go get a
cup of coffee as the machine installs.

When the day comes that you have to install three or four machines at once,
you either can burn extra CDs or investigate PXE boot. The Preboot
eXecution Environment is an open standard developed by Intel to allow
machines to boot over a network instead of from local media, such as a floppy,
CD or hard drive. Modern servers and newer laptops and desktops with
integrated NICs should support PXE booting in the BIOS—in some cases, it's
enabled by default, and in other cases, you need to go into your BIOS settings to
enable it.

Because many modern servers these days offer built-in remote power and remote
terminals or otherwise are remotely accessible via serial console servers
or networked KVM, if you have a PXE boot environment set up, you can
power on remotely, then boot and install a machine from miles away.

If you have never set up a PXE boot server before, the first part of this
article covers the steps to get your first PXE server up and running.
If PXE booting is old hat to you, skip ahead to the section
called PXE Menu Magic. There, I cover how to configure boot menus when
you PXE boot, so instead of hunting down MAC addresses and doing a lot of
setup before an install, you simply can boot, select your OS, and you are off
and running. After that, I discuss how to integrate rescue tools, such as
Knoppix and memtest86+, into your PXE environment, so they are available to
any machine that can boot from the network.

PXE Setup

You need three main pieces of infrastructure for a PXE setup: a
DHCP server, a TFTP server and the syslinux software. Both DHCP and TFTP
can reside on the same server. When a system attempts to boot from the
network, the DHCP server gives it an IP address and then tells it the
address for the TFTP server and the name of the bootstrap program to run.
The TFTP server then serves that file, which in our case is a PXE-enabled
syslinux binary. That program runs on the booted machine and then can load
Linux kernels or other OS files that also are shared on the TFTP server
over the network. Once the kernel is loaded, the OS starts as normal,
and if you have configured a kickstart install correctly, the install
begins.

Configure DHCP

Any relatively new DHCP server will support PXE booting, so if you don't
already have a DHCP server set up, just use your distribution's DHCP server
package (possibly named dhcpd, dhcp3-server or something similar).
Configuring DHCP to suit your network is somewhat beyond the scope of this
article, but many distributions ship a default configuration file that
should provide a good place to start. Once the DHCP server is installed,
edit the configuration file (often in /etc/dhcpd.conf), and locate the
subnet section (or each host section if you configured static IP assignment
via DHCP and want these hosts to PXE boot), and add two lines:

next-server ip_of_pxe_server;
filename "pxelinux.0";

The next-server directive tells the host the IP address of the TFTP server,
and the filename directive tells it which file to download and execute from
that server. Change the next-server argument to match the IP address of
your TFTP server, and keep filename set to pxelinux.0, as that is the name
of the syslinux PXE-enabled executable.

In the subnet section, you also need to add dynamic-bootp to the range
directive. Here is an example subnet section after the changes:

After the DHCP server is configured and running, you are ready to install
TFTP. The pxelinux executable requires a TFTP server that supports the
tsize option, and two good choices are either tftpd-hpa or atftp. In many
distributions, these options already are packaged under these names, so just install
your distribution's package or otherwise follow the installation
instructions from the project's official site.

Depending on your TFTP package, you might need to add an entry to
/etc/inetd.conf if it wasn't already added for you:

As you can see in this example, the -s option (used for tftpd-hpa) specified
/var/lib/tftpboot as the directory to contain my files, but on some systems,
these files are commonly stored in /tftpboot, so see your /etc/inetd.conf
file and your tftpd man page and check on its conventions if you are
unsure. If your distribution uses xinetd and doesn't create a file in
/etc/xinetd.d for you, create a file called /etc/xinetd.d/tftp that
contains the following:

Because tftpd is started by inetd or xinetd, you do not need to start a
separate service. At most, you might need to reload inetd or xinetd; however,
make sure that any software firewall you have running allows inbound traffic
to the TFTP port (UDP port 69).
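
The DHCP and TFTP settings from the two steps above can be checked before the first test boot. The following Python is an added example, not code from the original article: the sample dhcpd.conf and /etc/xinetd.d/tftp contents, the addresses, the in.tftpd path and the function names are constructed for illustration, and the subnet parser assumes no nested blocks inside a subnet.

```python
import re
# Constructed sample configs; addresses and paths are assumptions.
DHCPD_CONF = '''
subnet 10.0.0.0 netmask 255.255.255.0 {
    range dynamic-bootp 10.0.0.200 10.0.0.220;
    next-server 10.0.0.5;
    filename "pxelinux.0";
}
subnet 10.0.1.0 netmask 255.255.255.0 {
    range 10.0.1.200 10.0.1.220;
    next-server 10.0.0.5;
}
'''
XINETD_TFTP = '''
service tftp
{
    disable     = no
    socket_type = dgram
    protocol    = udp
    wait        = yes
    user        = root
    server      = /usr/sbin/in.tftpd
    server_args = -s /var/lib/tftpboot
}
'''

def check_dhcp_subnets(conf):
    """Map each subnet to the PXE settings it lacks (no nested blocks handled)."""
    conf = re.sub(r'#.*', '', conf)  # strip comments
    wanted = {
        'next-server': r'^\s*next-server\s+\S+\s*;',
        'filename "pxelinux.0"': r'^\s*filename\s+"pxelinux\.0"\s*;',
        'range dynamic-bootp': r'^\s*range\s+dynamic-bootp\s',
    }
    blocks = re.findall(r'subnet\s+(\S+)\s+netmask\s+\S+\s*\{([^{}]*)\}', conf)
    return {net: [name for name, rx in wanted.items() if not re.search(rx, body, re.M)]
            for net, body in blocks}

def check_xinetd_tftp(conf):
    """List problems in an xinetd tftp service definition."""
    opts = dict(re.findall(r'^\s*(\w+)\s*=\s*(.+?)\s*$', conf, re.M))
    problems = []
    if opts.get('disable') != 'no':
        problems.append('service is disabled')
    if (opts.get('socket_type'), opts.get('protocol')) != ('dgram', 'udp'):
        problems.append('TFTP needs socket_type dgram and protocol udp')
    if not re.search(r'(^|\s)-s\s+/\S+', opts.get('server_args', '')):
        problems.append('server_args lacks -s <directory>')
    return problems
```

TFTP has no authentication, so the directory given to -s should hold only files that any host on the boot network is allowed to read.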

Kyle Rankin is Chief Security Officer at Purism, a company focused on computers that respect your privacy, security, and freedom. He is the author of
many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu

Thanks for this article! I decided to try it out just for the fun of it, but along the way I realized I had needed this for a long time. My job involves training UMTS operators' personnel on the use of their GPRS equipment, and I usually go in with a bunch of Knoppix CDs so the trainees can use the IP tools available or installable there -- from Wireshark, to VLANs and IP tunnels, to mobile phone simulators. While network-booting Knoppix isn't always the most practical solution in this situation, it does help in some cases.

However, I'd like to point out a mistake in the article which could frustrate some other readers' efforts:

The miniroot.gz file located on the /boot/isolinux directory of the Knoppix CD cannot be used for this, because it doesn't support NFS mounting (at least on the Knoppix 5.1.1 and 5.3.1 versions I tested).

You have to use the miniroot.gz file off the /tftpboot directory of a Knoppix Terminal Server. To get that, just boot a Knoppix LiveCD normally (no network boot yet) and start the Terminal Server on the Knoppix Services menu. Wait a few seconds after it is started and the miniroot.gz file will appear under that directory (it is only created when you start the Terminal Server). Now you can copy it to a pendrive or over ssh to your "real" terminal server.

Also, you have to do that with the same Knoppix version you plan to PXE-boot later; files from the recently released 5.3.1 version can't boot a 5.1.1 Knoppix, and vice-versa.

I'll still take in the Knoppix CDs, though. I give them to the trainees after the course, and I have tallied lots of "conversions" this way -- people just didn't know such powerful tools were available for the taking, and this is a real eye-opener for them.